package JDBC_Demo;

import org.junit.Test;
import pojo.Account;

import java.math.BigDecimal;
import java.sql.*;
import java.util.ArrayList;
import java.util.List;

public class JDBC_PreparedStatement {
    public static final String URL = "jdbc:mysql://localhost:3306/test01?useSSL=false&useServerPrepStmts=true";
    public static final String USER = "root";
    public static final String PASSWORD = "";
    @Test
    public void selectAccount() throws Exception {
        String name="";
        String password="";
        String sql="select*from tb_user where username=? and password =?";
        //1.加载驱动程序
        Class.forName("com.mysql.jdbc.Driver");
        //2. 获得数据库连接
        Connection conn = DriverManager.getConnection(URL, USER, PASSWORD);
        //3.操作数据库，实现增删改查
        //preparedstatement 将单引号转义了 \‘ 防止了sql注入
        PreparedStatement pstmt = conn.prepareStatement(sql);
        pstmt.setString(1,name);
        pstmt.setString(2,password);
        ResultSet resultSet = pstmt.executeQuery();
        if (resultSet.next()){
            System.out.println("success");
        }else {
            System.out.println("failure");
        }

        pstmt.close();
        conn.close();
    }
}
